#include <u.h>
#include <libc.h>
#include <auth.h>


static void cleanup_caplist(pam_handle_t *, void *, int);


int
authenticate(char *user, char *password)
{
  int retval;
  AuthInfo *ai;
  char **caplist;

  if((ai = auth_userpasswd(user, password)) == nil)
    return -1;

  if( ai->cap == NULL ){
    perror("no capability");
    return -1;
  }

  /* Copy the capabilities from the authinfo structure to 'caplist' */

  /* save the capabilities using pam_set_data */
  retval = pam_set_data(pamh, "caplist", caplist, cleanup_caplist);
  
  auth_freeAI(ai);
  return retval;
}


static void
cleanup_caplist(pam_handle_t *pamh, void *data, int pam_end_status)
{
  /* Clean up all the capabilities that have been retrieved 
   * from the host owner's factotum on authentication.
   */
}

